为了提高系统的安全性,建议web程序都采用https方式部署,以下为spring boot 2.1.1版本下的https的部署步骤
添加配置
server:
port: 443
ssl:
key-store: classpath:server.p12
key-store-password: 123456
key-store-type: PKCS12
http.port: 80
新建一个tomcat
新建一个tomcat的启动bean,设置端口转发(springboot会自动识别配置文件,ssl开启后,会自动将server.port端口作为ssl的端口部署)。
@Bean
public TomcatServletWebServerFactory servletContainer() { //springboot2 新变化
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(createHTTPConnector());
return tomcat;
}
private Connector createHTTPConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
//同时启用http(8080)、https(8443)两个端口
connector.setScheme("http");
connector.setSecure(false);
connector.setPort(httpPort);
connector.setRedirectPort(httpsPort);
return connector;
}
验证http端口的自动跳转:
输入访问地址:http://localhost 访问后自动跳转 https://localhost 。